The present invention relates to computer software, and in particular, to a method and system for managing object level security using an object definition hierarchy.
Computer security may be implemented in various ways. For example, in a hierarchical folder system, such as Microsoft Windows, permissions may be specified for a folder and such permissions control access for all subfolders. In other applications, user permissions are assigned based on roles or actions. For example, a user may be an account receivable employee, and the computer software application may have multiple permissions for performing various tasks that are predefined and associated with the “account receivable employee” role. Another user, such as a manager, may have different permissions based on a different role, for example. In an action based permission system, each user may be granted permission to perform specific actions (e.g., on specific entities in the system) within a software system. In some prior art security systems, permissible actions may be grouped in a user role, which may then be assigned to a particular user. Thus, for each action that a user may want to perform, a permission to perform the action may need to be assigned to the user in order to allow the user to perform the action.
One example software system where security is an issue is a risk analysis software application. Typically, a risk analysis software application may have a large number of objects associated with it. Moreover, there may be many users of the risk analysis software application interacting with the objects. Therefore, it may be desirable to control who or what may access a particular object in the risk analysis software application. However, when a risk analysis software application has a large number of objects and also a large number of users, it may be cumbersome to manage because a permission to perform a particular action may need to be assigned for each user that may need to perform the action on the particular object.
Thus, there is a need for improved techniques for managing object level security. The present invention solves these and other problems by providing a method and system for managing object level security using an object definition hierarchy.